In previous blogs, we have addressed the data security concerns that arise out of the inherent nature of IoT.
However, there are other factors that create new security concerns. First, since many of these devices were designed to solve specific LOB needs, they may be designed for functionality first and security a distant second. And in many cases, they may not be designed with the capacity to restrict access to the data that is collected.
Many industrial and consumer devices have no capacity to monitor, restrict or delete the data they collect. Second, there is the sheer complexity of the inter-connected mesh of devices that can trade and share data.
Ultimately, there isn’t much of a limit to the devices that can be interconnected. The IoT creates a massive sharing platform with an infinite number of potential portals for entry. The security risk multiplies.
The many-to-many, cross-domain nature of the IoT creates unlimited entry points that can be security vulnerabilities. Consider the introduction of the IoT into the business from a managerial perspective.
The IT department has been the traditional area responsible for technology in most organizations. It routinely handles traditional endpoint technology: hardware, software, etc.
However, IoT technology has, at least in part, been introduced operationally, with Line of Business managers (LOB) discovering new applications and then being responsible for its maintenance and security.
As LOB managers find available uses for specific IoT applications, they become the driving force for its introduction. As a result, IT and IoT have tended to develop and grow in silos, with less interaction between the two than is ideal.
The unintended consequence is that the department traditionally responsible for the security issues of all IT is left out of the loop.
From a management point of view, this structure is duplicative and expensive, but it also means that security is un-coordinated across all of the IT facets of the organization, which means a significant likelihood of security vulnerabilities being overlooked.
As a reminder of what can happen with the arrival of hard-to-control new technologies, we need only look back to the new security threats we discovered when the BYOD movement began.
Suddenly the IT department no longer had total, unilateral responsibility and authority over all technology endpoints. The takeaway? New management structures will be needed to control the security vulnerabilities created by the IoT.
